Privacy Policy

Effective date: May 1, 2026

Overview

This privacy policy explains how we collect, use, and protect information when you use this bulletin coordinator web application. This is a small personal project run by Robert Hicks for use by a single local congregation only. It is not affiliated with, endorsed by, or sponsored by The Church of Jesus Christ of Latter-day Saints.

Operator

This application is operated by Robert Hicks (individual, not a business entity) for personal use by his local ward. The governing law is that of the State of Utah.

For any questions or privacy-related requests, contact: rob@hixfamily.org

Information We Collect

This application collects information only to the extent needed to operate the weekly bulletin cycle.

Admin Information

  • Phone number (required, used as an identifier at sign-in).
  • Name (required) and email address (optional).
  • Encrypted TOTP secret (used to verify codes from your authenticator app).
  • Hashed single-use recovery codes (for backup access if the authenticator is lost).
  • Session tokens stored securely in HTTP-only cookies.

Contributor Information

  • Phone number and name (added by ward admins).
  • Role (e.g., auxiliary leader) and default bulletin section.

Bulletin Content

  • Theme, meeting time, and presiding/conducting/chorister/organist names.
  • Announcements entered by ward admins.
  • Optional cover image stored as binary data.

What We Do Not Collect

We do not use tracking cookies, analytics, advertising, or targeted marketing. We do not collect payment information, social security numbers, or any other data unrelated to bulletin operations. The only cookie set after sign-in is the session cookie needed for authenticated access.

How We Use Information

  • Authentication: Admin identity is verified via a time-based one-time password (TOTP) from your authenticator app, or via a single-use recovery code.
  • Bulletin operations: Contributor information is used to attribute announcements and organize the weekly ward bulletin.
  • Content polishing: Bulletin announcement text may be sent to Google's Generative AI API to lightly polish wording before publication.
  • Service improvement: Operational logs help troubleshoot technical issues and monitor system health.

Third-Party Services (Sub-Processors)

This application uses the following third-party services. Your data is shared with these services as necessary to provide the application.

Google LLC (Gemini API)

We use Google's Generative AI API (Gemini) to polish bulletin announcement text. Announcement text is sent to Google for processing. Review their privacy policy at policies.google.com/privacy.

Fly.io, Inc.

The application is hosted on Fly.io's cloud platform in the San Jose region. Your data is stored on Fly.io's infrastructure. Review their privacy policy at fly.io/legal/privacy.

PostgreSQL Database

We use PostgreSQL as our database, which runs on Fly.io's infrastructure. No separate sub-processor agreement applies.

Data Retention

  • Bulletin content: Retained indefinitely as part of the ward's bulletin archive.
  • Authenticator secret and recovery codes: Retained until you reset your enrollment or are removed as an admin.
  • Session tokens: Expire per the cookie's configured lifespan. Sessions can be revoked by signing out.
  • Personal data: You may request removal of your personal information (name, phone, email) by emailing rob@hixfamily.org. Note: published bulletins will not be retroactively edited, so your name may remain in past bulletin archives.

Your Data Rights

While this application operates below regulatory thresholds that would impose formal data-subject rights, we honor reasonable requests to access, correct, or delete your personal information. To exercise these rights, contact rob@hixfamily.org with your request.

Security

We employ the following security measures:

  • No passwords. Admin sign-in uses TOTP codes from your authenticator app, plus single-use recovery codes for backup access.
  • The TOTP secret is encrypted at rest with AES-256-GCM. Recovery codes are stored only as scrypt hashes.
  • Session tokens are stored in HTTP-only cookies that expire after a set period.
  • Data in transit to third-party services uses TLS encryption.
  • Database backups are managed by Fly.io.

Disclaimer: This is a small personal project, not a regulated financial or healthcare service. While we implement reasonable security practices, no system is perfectly secure. Do not submit data you consider highly sensitive.

Age Restrictions

This application is intended for use by ward members aged 13 and older. Users under 13 are not permitted. If you believe a child under 13 has been given access, please contact rob@hixfamily.org.

Changes to This Privacy Policy

This policy may be updated from time to time. The effective date will reflect any changes. Continued use of the application after changes constitutes acceptance of the revised policy.

Contact

For questions, requests, or concerns about privacy, contact Robert Hicks at rob@hixfamily.org.

Back to sign in